Common_Criteria_Paradigm

The Common Criteria (CC) Paradigm
Stuart Katzke, Ph.D.
Senior Research Scientist
100 Bureau Drive; Stop 8930
Gaithersburg, MD 20899
(301) 975-4768
[email protected]
fax: (301) 975-4964

An Evolutionary Process
Two decades of research and development...
  - US-DOD TCSEC, 1983-85
  - US-NIST MSFR, 1990
  - Federal Criteria, 1992
  - Europe ITSEC, 1991
  - Canada TCPEC, 1993
  - Common Criteria, 1993-98
  - ISO 15408 Common Criteria, 1999
  - European National/Regional Initiatives, 1989-93
  - Canadian Initiatives, 1989-93

The Common Criteria (International Standard ISO/IEC 15408)
What the standard is:
  - Common structure and language for expressing product/system IT security requirements (Part 1)
  - Catalog of standardized IT security requirement components and packages (Parts 2 and 3)
How the standard is used (the CC Paradigm):
  - Develop protection profiles and security targets: specific IT security requirements and specifications for products and systems
  - Evaluate products and systems against known and understood IT security requirements

IT Security Requirements
The Common Criteria defines two types of IT security requirements:
  - Functional Requirements: for defining security behavior of the IT product or system
      - implemented requirements become security functions
      - Examples: Audit, User Data Protection, Cryptographic Support
  - Assurance Requirements: for establishing confidence in security functions
      - correctness of implementation
      - effectiveness in satisfying security objectives
      - Examples: Development, Configuration Management, Life Cycle Support, Testing, Vulnerability Analysis

Evaluation Assurance Levels
Common Criteria defines seven hierarchical assurance levels (EAL designation):
  - EAL1: Functionally Tested
  - EAL2: Structurally Tested
  - EAL3
  - EAL4
  - EAL5
  - EAL6
  - EAL7: Formally Verified Design & Tested

This note was uploaded on 11/14/2011 for the course COMP 6370 taught by Professor Staff during the Fall '08 term at Auburn University.
